# ISO 42001 Data Governance > Draft data governance procedures for AI systems under ISO/IEC 42001:2023. Tags: ISO 42001, Data Governance, Data Quality, Compliance, AI ## Example Prompts - Draft our data governance procedures for AI - Document data quality and provenance requirements - Update data security procedures for AI systems URL: https://rakenne.app/skills/iso42001-data-governance/index.md Try this skill: https://rakenne.app/a/?skill=iso42001-data-governance ## Overview Draft data governance procedures for AI systems under ISO/IEC 42001:2023. ## Getting Started Add your source materials to the project workspace, then activate the *ISO 42001 Data Governance* skill. The agent will guide you through the process step by step. ## Example conversation **You:** We need data governance procedures for our AI systems—acquisition, quality, integrity, security—aligned with ISO 42001 and our DPO. **Agent:** I’ll draft data governance procedures using the skill reference. I’ll cover data acquisition (sources, eligibility, consent where needed), quality (validation, cleaning, quality gates), integrity (versioning, lineage, provenance), security (access, retention, disposal), and bias/gap assessment where relevant. I’ll run **data_governance_check** on the draft and fix any missing elements, then align with your lifecycle and impact assessments. ## Output excerpt ### Data governance procedures excerpt **Data acquisition** — Sources and eligibility are documented per dataset. For personal data, lawful basis and consent (where required) are confirmed before use in training or operation. New sources are approved by [e.g. Data/Product]; checklist includes purpose limitation and retention. **Data quality** — Quality criteria (e.g. completeness, consistency, representativeness) are defined per use case. Validation and cleaning steps are logged. A quality gate (e.g. metrics report) is required before training or major retrain. Owner: Data/Product. **Data integrity** — Datasets are versioned; lineage and provenance are recorded (source, transformations, date). Changes are logged to support reproducibility and audit. **Data security** — Access to training and operational data is role-based; retention and disposal follow data policy. Sensitive data: [e.g. access log, encryption at rest]. Ref: [Information security / data protection policy]. **Bias and gap assessment** — For each material training dataset we assess representativeness and potential bias (e.g. demographic gaps); findings are documented and feed risk register and impact assessment. ## Extension and validation The skill includes **data_governance_check**, which validates data governance procedures for required elements: data acquisition (sources, eligibility, lawful use); data quality (criteria, validation, quality gates); data integrity (versioning, lineage, provenance); data security (access, retention, disposal); bias and gap assessment where relevant. Run it after drafting and address any missing elements. --- Back to [Skill Library](https://rakenne.app/skills/index.md)